If you’re on a Mac and you use ChatGPT, Codex, Codex CLI, or the Atlas browser, you have one week to update before things break. May 8, 2026 is the hard cutoff. Older builds — anything signed before OpenAI rotated certificates after the Axios supply-chain incident — will stop launching after that date.
The fix takes three minutes. Here’s the walkthrough, and then a plain-English read on what actually happened so you know whether to be worried.
The 3-minute update
Run this for every OpenAI Mac app you have installed. If you only have ChatGPT, you’re done in about 60 seconds.
ChatGPT Desktop
- Open ChatGPT
- Click the menu bar at the top → ChatGPT → Check for Updates (some versions: click your profile icon → Settings → About → Check for Updates)
- If an update appears, click Install and Restart
- After it relaunches, open Settings → About again and confirm you’re on the latest build
That’s it. Your conversation history is cloud-side, so nothing transfers, nothing migrates, nothing breaks. Pick up exactly where you left off.
Codex (the desktop coding agent)
- Open Codex
- Top-left menu → Codex → Check for Updates
- Install, restart, verify in Settings → About
If you’ve never seen this menu before, you’re probably running an older version that has Codex bundled inside the ChatGPT app — updating ChatGPT covers it.
Codex CLI
This is the developer-facing one. Open Terminal:
# If you installed via Homebrew
brew upgrade codex
# If you installed via npm
npm install -g @openai/codex@latest
# If you installed via the curl installer
curl -fsSL https://openai.com/install/codex.sh | sh
Then verify:
codex --version
Match the version number against OpenAI’s Codex release notes. If it doesn’t match the latest, your package source might be stale — reinstall fresh.
Atlas (OpenAI’s browser)
- Click the Atlas menu bar → Atlas → About Atlas
- If an update is available, you’ll see a button to install
- Restart the browser
Your tabs and signed-in sessions persist through the update. Bookmarks too.
How to confirm you’re safe
After updating each app, do this once:
- macOS Ventura, Sonoma, or Sequoia (13 / 14 / 15): open the app. If it launches without a “developer cannot be verified” warning, you’re on the new certificate.
- macOS Sequoia (15.x) only: System Settings → Privacy & Security → scroll to the bottom → if there’s a “ChatGPT was blocked” notice, click Open Anyway. This sometimes shows up briefly during the certificate transition. Once you click through once, it stops.
If you see the “developer cannot be verified” warning and you’ve already updated, your update probably didn’t fully apply. Quit the app fully (Cmd+Q, not just close the window), reopen, and check the version again.
Three FAQs every Mac user is going to ask
Is my data at risk?
No. OpenAI’s investigation concluded that no user data was accessed, no systems were breached, and the malicious code didn’t successfully exfiltrate the signing certificate. The certificates were rotated as a precaution, not a recovery. Your passwords and API keys were not affected and don’t need to be changed.
Will my chat history transfer?
Yes. Chat history is stored in your OpenAI account, not on your Mac. The new app version reads the same account and your conversations are all there.
What if I’m on macOS 13 (Ventura) or older?
The new ChatGPT certificate is compatible with macOS 13+. If you’re on macOS 12 or earlier, OpenAI has been quietly dropping support over the last few months — you may need to upgrade your macOS too. Check System Settings → General → Software Update.
What actually happened (the 90-second backstory)
Plain English: a developer tool that runs deep inside OpenAI’s build pipeline got compromised. Not OpenAI’s product, not your account — their internal build process.
On March 31, 2026, an attacker socially engineered the lead maintainer of Axios (an npm package used by millions of projects), hijacked his account, and pushed a poisoned version 1.14.1 to the npm registry. It sat there for 3 hours and 8 minutes before it was caught.
In that window, an internal GitHub Actions workflow at OpenAI ran npm install and pulled the malicious version. The compromised code attempted to exfiltrate secrets from the build environment — including OpenAI’s macOS code-signing certificate.
OpenAI’s investigation found that timing and other mitigating factors meant the certificate “was likely not successfully exfiltrated.” But “likely not” isn’t “definitely not.” So they rotated all certificates as a precaution. The May 8 deadline is when the old certificates fully stop working — by Apple’s own notarization rules, not OpenAI’s choice.
The attribution: North Korea’s Lazarus Group, specifically the BlueNoroff subgroup. The same crew that’s been running supply-chain attacks against crypto and AI companies for the last 18 months.
What this means for you
If you’re a casual ChatGPT user: Update the desktop app this week. Done. You’re not the target, your data is fine, the update takes a minute.
If you’re a developer using Codex CLI in production scripts: Update before May 8 or your scripts break. If you have CI/CD pipelines that pin a specific Codex version, update the pin. If you have hardcoded paths to the old binary, audit them now while it’s quiet rather than at 9 AM on May 8 when something breaks in production.
If you manage a team’s Macs (IT or office manager): Push the update through your MDM (Jamf, Kandji, Mosyle) this week. Don’t wait for users to do it themselves; some won’t, and you’ll spend May 8 morning answering “ChatGPT won’t open” tickets. The new certificate ID is published in OpenAI’s official response — verify against it in your security review.
If you’re a developer running Node.js projects: This is a wake-up call about npm supply-chain hygiene. Three things to do this week, even if you don’t use OpenAI: (1) audit your package-lock.json for any version pin that could pull a compromised update, (2) enable npm 2FA on your maintainer accounts if you publish packages, (3) read Anthropic’s recent Project Glasswing post for the broader supply-chain context.
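For step (1) above, an added Python example (not from the article, OpenAI or the Axios project) that audits a package-lock.json for the axios 1.14.1 version named earlier and flags package.json ranges that would resolve to it on a lockfile-less install. The sample lockfile and package.json at the bottom are constructed, and range_admits handles only exact, caret and tilde specs.

```python
# Version named in the incident write-up; extend this map as new advisories appear.
KNOWN_BAD = {"axios": {"1.14.1"}}

def find_bad_lock_entries(lock: dict, known_bad: dict = KNOWN_BAD) -> list:
    """(path, name, version) for each locked copy of a known-bad version, read from the
    lockfileVersion 2/3 "packages" map; nested node_modules/x/node_modules/axios copies count."""
    hits = []
    for path, entry in lock.get("packages", {}).items():
        name = path.rsplit("node_modules/", 1)[-1]
        if path and entry.get("version") in known_bad.get(name, ()):
            hits.append((path, name, entry["version"]))
    return hits

def _v(s: str) -> tuple:
    return tuple(int(x) for x in s.split("."))

def range_admits(spec: str, version: str) -> bool:
    """True if an exact, caret or tilde spec could resolve to `version`.
    Common cases only, not full npm semver (no prereleases, ||, >=, x-ranges)."""
    if spec in ("", "*", "latest"):
        return True
    v = _v(version)
    if spec[0] in "^~":
        lo = _v(spec[1:])
        if v < lo:
            return False
        if spec[0] == "^" and lo[0] > 0:
            return v[0] == lo[0]  # ^1.14.0 admits any 1.x.y >= 1.14.0
        return v[:2] == lo[:2]    # ~1.14.0 (or ^0.y.z) stays within 1.14.x
    return _v(spec) == v

def loose_specs(pkg: dict, known_bad: dict = KNOWN_BAD) -> list:
    """(section, name, spec) for package.json ranges that admit a bad version,
    i.e. what `npm install` without a lockfile could pull in."""
    hits = []
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in pkg.get(section, {}).items():
            if any(range_admits(spec, bad) for bad in known_bad.get(name, ())):
                hits.append((section, name, spec))
    return hits

# Constructed sample (not a real project) so the checks can be exercised offline.
SAMPLE_LOCK = {"lockfileVersion": 3, "packages": {
    "": {"name": "demo"},
    "node_modules/axios": {"version": "1.14.1"},
    "node_modules/some-sdk/node_modules/axios": {"version": "1.13.0"}}}
SAMPLE_PKG = {"dependencies": {"axios": "^1.14.0"}, "devDependencies": {"other-lib": "~1.3.0"}}
```

In a real project, pass json.load of package-lock.json and package.json to the two functions; lockfileVersion 1 files keep a nested "dependencies" tree instead of "packages" and are not handled here.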
What this can’t fix
A short list of honest limits on this incident:
- It can’t tell you whether you’d have been caught. The Axios maintainer was socially engineered through real-feeling LinkedIn outreach. Anyone running an open-source maintainership today is a target. The only durable fix is multi-maintainer review on package publishes.
- It doesn’t change your password reality. OpenAI passwords and API keys weren’t compromised by this incident, but if you’ve reused passwords across sites, the right move this month is to enable 2FA on every OpenAI account anyway.
- It won’t future-proof your Mac. This is the second supply-chain-related certificate rotation OpenAI has done in two years. Expect more. Build the habit of running Check for Updates on Mondays.
The bottom line
May 8 is real, the fix is genuinely 3 minutes, and the underlying incident was contained. Update ChatGPT Desktop, Codex, Codex CLI, and Atlas this week — all four if you have them, just the ones you use if you don’t.
If you want to understand the prompting and verification skills that make tools like ChatGPT and Codex safer to depend on day-to-day, our AI Fundamentals course is the on-ramp. The supply-chain story underneath this incident is the kind of thing every developer should be thinking about by mid-2026 — it’s not going to be the last one.
Sources:
- Our response to the Axios developer tool compromise — OpenAI
- OpenAI says to update Mac apps including ChatGPT and Codex as security precaution — 9to5Mac
- OpenAI urges Mac users to update ChatGPT and Codex apps after security warning — iThinkDiff
- OpenAI Warns macOS Users to Update ChatGPT and Codex Immediately — Cyber Security News
- OpenAI Revokes macOS Signing Certificate After Axios Supply-Chain Attack — Let’s Data Science
- OpenAI’s macOS app-signing process hit by axios supply chain attack — SC Media
- Joe’s Take: The May 8 Deadline — New York Computer Help
- OpenAI macOS Security Update: Urgent Alert for All Users — Hoplon Infosec